
Password re-use: the game is changing, SO USE A PASSWORD VAULT!

Ken Munro, 21 Feb 2014

A couple of quick questions for you:
1. How many online accounts do you have?
2. How many passwords do you use?

If your answer to number one is greater than your answer to number two then you are putting yourself at risk.
Using the same password across multiple accounts can spell trouble, and here’s why.

In October 2013 Adobe was hacked and up to 30 million credit card details were stolen. Not pleasant, but alongside that around 150 million customer passwords were stolen, along with the corresponding email addresses.

The people who used the same credentials for their Adobe accounts as for their Facebook, e-commerce, or banking applications were suddenly extremely vulnerable.

Password reuse makes life easier, right? I mean, who wants or even needs to keep a bunch of useless information like multiple passwords in their head all the time? Seriously, who cares if your Twitter account gets hacked? All you do is request a password reset and clear up the junk; everything is fine and you can go back to normal.

Now, how about if your Twitter password is the same as your online banking login? Still no problem? Wrong. If a hacker manages to steal your password from one site and you use the same password across lots of sites, they can access those accounts too.

Once your social media site details are compromised, your identity can be stolen, loans fraudulently taken out in your name, credit cards scammed, your cloud backup accessed, your family photos deleted, and so on. It happens every day, sadly.

You can check to see if your details may have been compromised using resources such as by Troy Hunt

…and whether you have been compromised or not, now is a good time to review your accounts and clear up any password reuse.
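One way to run that review, shown as an added example that is not part of the original post: a short Python script that reads a CSV export of saved logins and lists which accounts share a password, without ever printing the passwords themselves. The column names (`title`, `username`, `password`) and the sample rows are constructed assumptions; adjust them to match your own export.

```python
import csv
import hashlib
import hmac
import io
import os
from collections import defaultdict

# Constructed sample export. The column names are an assumption, so change
# them to match whatever your vault or browser actually writes out.
SAMPLE_EXPORT = """title,username,password
Adobe,me@example.com,Sunshine2013
Facebook,me@example.com,Sunshine2013
Twitter,me_tweets,Sunshine2013
Online banking,12345678,££MyDogIs12YearsOld££
Forum,me@example.com,correct-horse-7
Photo backup,me@example.com,correct-horse-7
"""

def find_reuse(export_file, title_col="title", password_col="password"):
    """Return lists of account titles that share a password, largest group first."""
    key = os.urandom(32)  # per-run key: the digests are meaningless after exit
    groups = defaultdict(list)
    for row in csv.DictReader(export_file):
        password = row.get(password_col) or ""
        if not password:
            continue  # skip entries without a stored password
        # Group on a keyed digest so the result and any output never contain a password.
        digest = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[digest].append(row.get(title_col) or "(untitled)")
    reused = [sorted(titles) for titles in groups.values() if len(titles) > 1]
    return sorted(reused, key=lambda titles: (-len(titles), titles))

def report(reused):
    """Format the reuse groups as lines of text without showing any password."""
    if not reused:
        return ["No password reuse found."]
    return [f"{len(titles)} accounts share one password: {', '.join(titles)}"
            for titles in reused]

if __name__ == "__main__":
    # To audit a real export: open(path, newline="", encoding="utf-8")
    for line in report(find_reuse(io.StringIO(SAMPLE_EXPORT))):
        print(line)
```

A plaintext export is as sensitive as the accounts it lists, so delete it once the audit is done.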

While it is relatively easy to remember a handful of complex passwords for banking and social media, it is harder to remember them for the myriad of other accounts you might have. If this sounds like you then consider using a password vault.

There are free products out there such as Lastpass and Keepass, and there may well be a free vault with your anti-virus security suite subscription.

Vaults create a different, complicated password for you, every time you log in. You never have to remember it, and it even does the logging in for you!

Personally, I avoid vaults for really important sites, like online banking.

While we’re at it, here are a few tips for a good password:

Make it long, avoid words or names and ‘pad’ it with non-alphanumeric characters.

££MyDogIs12YearsOld££ – characters that aren’t on the US keyboard are a good choice, as many cracking attempts will start with the US character set.

The above can be cracked in time with tools such as hashcat, but if you have any characters unique to your national language, try to use them.